From ae5da4e14d17f1830eae5cf67374405b9b4a0659 Mon Sep 17 00:00:00 2001
From: Navdeep Parhar <np@FreeBSD.org>
Date: Mon, 19 Oct 2020 21:11:49 +0000
Subject: [PATCH] cxgbe(4): Updates to the drop features from r366532.

MFC after:	1 week
Sponsored by:	Chelsio Communications
---
 share/man/man4/cxgbe.4  | 7 +++++--
 sys/dev/cxgbe/t4_main.c | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/share/man/man4/cxgbe.4 b/share/man/man4/cxgbe.4
index d4d38b87307..f4484b64480 100644
--- a/share/man/man4/cxgbe.4
+++ b/share/man/man4/cxgbe.4
@@ -31,7 +31,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 8, 2020
+.Dd October 19, 2020
 .Dt CXGBE 4
 .Os
 .Sh NAME
@@ -369,6 +369,7 @@ The attack filter will drop an incoming frame if any of these conditions is
 true: src ip/ip6 == dst ip/ip6; tcp and src/dst ip is not unicast; src/dst ip is
 loopback (127.x.y.z); src ip6 is not unicast; src/dst ip6 is loopback (::1/128)
 or unspecified (::/128); tcp and src/dst ip6 is mcast (ff00::/8).
+This facility is available on T4 and T5 based cards only.
 .It Va hw.cxgbe.drop_ip_fragments
 Set to 1 to drop all incoming IP fragments.
 Default is 0.
@@ -378,9 +379,11 @@ Set to 1 to drop incoming frames with Layer 2 length or checksum errors.
 Default is 1.
 .It Va hw.cxgbe.drop_pkts_with_l3_errors
 Set to 1 to drop incoming frames with IP version, length, or checksum errors.
+The IP checksum is validated for TCP or UDP packets only.
 Default is 0.
 .It Va hw.cxgbe.drop_pkts_with_l4_errors
-Set to 1 to drop incoming frames with Layer 4 length, checksum, or other errors.
+Set to 1 to drop incoming frames with Layer 4 (TCP or UDP) length,
+checksum, or other errors.
 Default is 0.
 .El
 .Sh SUPPORT
diff --git a/sys/dev/cxgbe/t4_main.c b/sys/dev/cxgbe/t4_main.c
index dfc5a1cbccd..baf13052632 100644
--- a/sys/dev/cxgbe/t4_main.c
+++ b/sys/dev/cxgbe/t4_main.c
@@ -4823,7 +4823,7 @@ set_params__post_init(struct adapter *sc)
 	    F_DROPERRORIPHDRLEN | F_DROPERRORTCPHDRLEN | F_DROPERRORPKTLEN |
 	    F_DROPERRORTCPOPT | F_DROPERRORCSUMIP | F_DROPERRORCSUM;
 	val = 0;
-	if (t4_attack_filter != 0) {
+	if (chip_id(sc) < CHELSIO_T6 && t4_attack_filter != 0) {
 		t4_set_reg_field(sc, A_TP_GLOBAL_CONFIG, F_ATTACKFILTERENABLE,
 		    F_ATTACKFILTERENABLE);
 		val |= F_DROPERRORATTACK;
-- 
2.45.0